The public switched telephony network (PSTN) is made up of carriers who have agreements to interconnect with one another and switch calls among one another. The PSTN comprises numerous switching systems, which are stored program controlled computers comprising line terminations. The switching systems connect to other switching systems, forming indirect links from customer premises to customer premises around the world.
In a common channel signaling (CCS) network, switching systems interconnect using bearer channels and signaling channels. Bearer channels generally are 64 kbit/second channels that carry voice traffic such as modem calls. Signaling channels carry call information in a separate network; this is known as out-of-band signaling because call signaling information is communicated outside the audible voice band of calls. ITU Recommendation Q.700 describes this type of PSTN in detail.
Only carriers may connect to the signaling network. However, as a result of national and international deregulation of telephone systems, many new carriers are entering or are about to enter the field. For example, in the United States, in the past there have been approximately seven (7) major signaling carriers and numerous independent carriers, but in the future, there will be many new local exchange carriers. Internet Service Providers (ISPs), for example, are expected to rush into the local exchange switching market.
In a regulated environment, the major signaling carriers could establish common standards and rely on trust of one another to ensure that proper signals were carried in the signaling network. In a deregulated environment, the signaling network is perceived as a less trustworthy environment. In particular, in the past, the physical security of SS7 switching facilities provided the primary overall security of an SS7 switching network. Now, there is less assurance that new carriers will maintain the same level of physical facility security that the major carriers have enforced in the past.
Further, in the deregulated environment, a carrier cannot be trusted to connect to the network and use it in a proper manner. For example, a carrier could generate calls for no reason. A carrier could claim to have reachability to another location when in fact it doesn't have that capability. A carrier could express state information about its circuits incorrectly. A carrier could generate Initial Address Messages to distant switches and then wait for them to time out. All these operations are improper and potentially harmful to other network elements and to the private data networks that are connected to such network elements.
In data networks, firewalls are available that are based on UNIX computer systems, and may operate in standalone fashion or be integrated into routers. Firewalls can be used to selectively admit or deny data packets based on rules or policies. Such firewalls, however, cannot be used in SS7 telephone networks or their component systems because their hardware and software are incompatible. For example, lower SS7 messaging layers require unique firmware and hardware for terminating trunks. Further, SS7 is a message-oriented protocol that requires the use of special messages for graceful startup and shutdown of links. These messages are not supported in available firewalls.
Accordingly, there is a need to improve signaling security and data channel security between signaling network entities.
In particular, there is a need to protect internetworks, LANs and WANs from undesirable, undefined, or malicious signals and messages originating in local exchange carriers or other carriers outside such data networks.
There is also a need for a system and method that can interconnect a data network, and servers thereof, to a circuit-switched telephony network that uses time-division multiplexed signaling, for a variety of purposes. In particular, there is a need for a system and method that can interconnect a data network to a circuit-switched telephony network that uses Signaling System 7 protocols for signaling.